Adding Trusted Sites to Internet Explorer using GPO

For those of you who want to customize the Internet Explorer settings for your clients, you should check out IEAK – Internet Explorer Administration Kit.

In this post, I will illustrate a simple scenario where an organization with Active Directory wants to add Trusted Sites to users’ Internet Explorer settings using GPO.

Before we start, please note that Windows Server 2003 and 2008 have Internet Explorer Enhanced Security Configuration (IE ESC) turned on. A GPO created with it turned on will not work with Windows XP, Vista or Windows 7 clients. So to begin, we have to turn off Enhanced Security Configuration in order to create a GPO for computers that do not have Enhanced Security Configuration.

To disable IE ESC, open Server Manager and, under Security Information, click Configure IE ESC.


Turn off Internet Explorer Enhanced Security Configuration.


Now we are ready to configure a GPO to add Trusted sites to IE settings. You can find IE configuration settings on User Configuration –> Policies –> Windows Settings –> Internet Explorer Maintenance –> Security. Open Security Zones and Content Ratings.


Under Security Zones and Privacy, select Import the current security zones and privacy settings.


You will see a pop-up that warns you that you are configuring settings for computers that don’t have IE Enhanced Security Configuration enabled.


Add your Trusted sites and you are ready to test out your new GPO.
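
To check on a client which Trusted Sites entries are actually in effect after the GPO applies, the following added example (not from the original post) reads the current user's zone map from the registry and marks entries that are not limited to https. The function name Get-TrustedSiteEntry is illustrative, and the script assumes the standard ZoneMap registry layout, in which zone 2 is Trusted sites and EscDomains holds the entries used when IE ESC is on.

```powershell
# Added example (not from the original post). Lists Trusted Sites entries for
# the current user and marks any that are not limited to https.
# Assumption: the standard ZoneMap layout, where each site is a key
# (domain, optional subdomain subkey) and each value is <protocol> = <zone>.
$TrustedZone = 2   # zone number of "Trusted sites"
$zoneMap = 'Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
$roots = [ordered]@{
    'User'   = "HKCU:\Software\$zoneMap\Domains"           # normal (non-ESC) entries
    'ESC'    = "HKCU:\Software\$zoneMap\EscDomains"        # entries used when IE ESC is on
    'Policy' = "HKCU:\Software\Policies\$zoneMap\Domains"  # policy-enforced entries
}

function Get-TrustedSiteEntry {
    param($Roots = $roots)
    foreach ($entry in $Roots.GetEnumerator()) {
        $root = $entry.Value
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $rootName = (Get-Item -LiteralPath $root).Name
        $keys = Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue
        foreach ($key in $keys) {
            # Path below the root is domain[\subdomain]; reverse it to get the site name.
            $parts = @($key.Name.Substring($rootName.Length + 1) -split '\\')
            [array]::Reverse($parts)
            $siteName = $parts -join '.'
            foreach ($protocol in $key.GetValueNames()) {
                if ($key.GetValue($protocol) -ne $TrustedZone) { continue }
                [pscustomobject]@{
                    Source    = $entry.Key
                    Site      = $siteName
                    Protocol  = $protocol          # '*' means any protocol
                    HttpsOnly = ($protocol -eq 'https')
                }
            }
        }
    }
}

Get-TrustedSiteEntry | Sort-Object Source, Site | Format-Table -AutoSize
```

Run it in the test user's session after a policy refresh; an empty User list alongside a populated ESC list indicates the sites were imported while IE ESC was still on.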


App-V 4.6 RTM and MED-V v1 SP1 RC now available

Microsoft released App-V 4.6 and MED-V v1 SP1 RC on 23 Feb 2010 as part of MDOP 2010. You can download App-V 4.6 from TechNet and MSDN. You can download MED-V v1 SP1 RC from Connect while we await the final release, which is expected to come in April 2010.

Please read about it on The Official MDOP Blog here.

Linux Integration Components for Windows Server 2008 Hyper-V

The latest version 2 of Linux IC for Hyper-V was released on 29 Jan 2010. Supported Host Operating Systems include Windows Server 2008, Windows Server 2008 R2, Microsoft Hyper-V Server 2008, and Microsoft Hyper-V Server 2008 R2.

Supported Guest Operating Systems include:

  • SUSE Linux Enterprise Server 10 SP2 x86 and x64 (1 vCPU)
  • SUSE Linux Enterprise Server 11 x86 and x64 (1 vCPU)
  • Red Hat Enterprise Linux 5.2, 5.3, and 5.4 x86 and x64 (1 vCPU)

The installation steps are similar to those in my previous post here.

Create a Multiboot System for Windows 7

This is a nice way to have Windows 7 if you would like to keep your existing version of Windows.

This article is in TechNet Magazine. Have fun with your multiboot Windows 7. Click here.

The Machine SID Duplication Myth

This is really one myth that caught me!!

I believed for so many years that duplicate machine SIDs could cause problems. We know that the machine SID is a unique identifier that is used with respect to object authorization; this is still true. However, it was believed that multiple computers with the same machine SID on the network pose a security risk. This is now a myth; please read Mark Russinovich’s technical blog to understand more! Click

Infrastructure Planning and Design Guides for Virtualization (IPD Guides)

Microsoft released an updated series of IPD guides which cover Windows Server 2008 R2.

If you are trying to find out more before deploying your virtualization projects or you are looking for some guides that can get you up to speed quickly to start planning, then these IPD guides are the right documents you need.

The Infrastructure Planning and Design guide series gives you architectural guidance for Microsoft infrastructure products. The IPD guides help clarify and streamline design processes for Microsoft infrastructure technologies, with each guide addressing a unique infrastructure technology or scenario.

You can choose to download either the entire IPD series or individual guides by scenario. Check it out guys!!

Get the Guides

 Guides by Scenario

Download the IPD Guides for Virtualization

Multi-product planning and design guidance for Microsoft virtualization technologies are available in the following IPD Guides for Virtualization:

Offline Virtual Machine Servicing Tools

Microsoft released Offline Virtual Machine Servicing Tool 2.1, which allows you to apply operating system updates to the offline virtual machines that are stored in your Microsoft System Center Virtual Manager library.

This is helpful in keeping your offline virtual machines up to date, so that when you create a new virtual machine from your selected library, you can confidently bring it online as it will not introduce vulnerabilities into your organization.

It also saves you time and effort in recreating library images when new service packs and updates are released.

Download it here. Click.

Considerations when hosting Active Directory Domain Controllers on Virtual Machines

Just to share my experience on this topic, it might be good to take these points into consideration when you are planning to deploy a domain controller on a Hyper-V machine.

Point number 1:

As a precaution, do not take a snapshot of an Active Directory Domain Controller virtual machine. This is to prevent an accidental or unplanned rollback of your Active Directory contents. Remember, a snapshot is not a valid backup of your system state data. If you apply a snapshot of your Active Directory Domain Controller virtual machine, this causes an update sequence number (USN) rollback.

Point number 2:

If you take a snapshot, a differencing disk AVHD file is created. This AVHD will merge with the primary VHD file when you do a proper shutdown of the virtual machine. The duration of the merge depends on the size of the AVHD file. Now, imagine that you are unaware of this and shut down your physical Hyper-V server machine before the merge can complete. Then you want to move, copy or migrate this domain controller virtual machine, and you copy the files to a new Hyper-V server. Unknowingly, you load the unmerged VHD file on your new Hyper-V server and disaster strikes.

Point number 3:

Disable Time synchronization on your Domain Controller virtual server. This is to prevent time skew. Authentication problems will occur when your time is out of sync.


Upgrading Active Directory Domain Service to Windows 2008 R2

I know this might mean just running adprep /forestprep to most of you. But with Windows 2008 R2 shipped in 64-bit, it does create some challenges for my 32-bit FSMO role Domain Controllers.

If your FSMO role masters are currently running 32-bit Windows Servers, you can still upgrade your schema to R2. You can use the adprep32.exe command on 32-bit machines.

Cheers. :)





Misleading report on Black Screen of Death.

I would like to bring your attention to inaccurate stories following a report by a British company claiming that customers who deployed the Windows 7 November Security updates have experienced the so-called “Black Screens” that would render the system unbootable and unusable due to changes in the registry.

Here’s the background for your reference:

  • Microsoft has found these reports to be inaccurate. Comprehensive investigation has shown that none of the recently released updates are related to the behavior described in the reports. Microsoft’s support organization is also not seeing this as an issue. The claims also do not match any known issues that have been documented in our security bulletins.
  • On December 1, Prevx, the company which issued the report, posted an apology to Microsoft which stated the following:

“Since more specifically narrowing down the cause we have been able to exonerate these patches from being a contributory factor.”

  • According to Microsoft’s blog post, the real culprit is a piece of malware that clears desktops and produces a black screen on infected PCs; various security vendors have tools for removing this malware. There is no fix or update necessary for this, but customers should keep their anti-virus software up-to-date as a preventative measure. So far, Microsoft is not seeing a massive occurrence of this particular issue in our support channels. If customers do encounter an issue with a security update, contact our Customer Service and Support group for no-charge assistance at
  • The protection and well-being of our customers’ PCs through the deployment of Security Updates is the ultimate goal of the Microsoft Security Response Center. Because of this, we continually work with our Customer Service and Support teams to keep a close eye for issues that may impact customers’ deployment of security updates.

You may use the following statement if asked by your customers and we encourage you to use this as an opportunity to educate customers on the importance of keeping up to date with security patches:

“The reports on the so-called “Black Screens” were investigated by Microsoft and found to be inaccurate. The company which issued the report has apologized and made a full retraction. Windows 7 security updates were not the cause of the black screens. There is no fix or update necessary for this, but customers should keep their anti-virus software up-to-date as a preventative measure. So far, Microsoft is not seeing an occurrence of this particular issue in our support channels locally.”

Exchange 2010 Mailbox Server Role Requirements Calculator

Here I am in Sin City, Las Vegas. What an experience, I must admit!!

All this was made possible by my boss, Steve Krems; without him I would not be what I am today. I would not have such opportunities to learn and do so much. He has guided me very well. Thank you Steve.

Exchange 2010 was officially RTM on 9 Nov 2009, cool. I attended a session by Ross Smith, and Ross released this very useful tool that I strongly think all Exchange Administrators who are planning for Exchange 2010 must have.

This is a tool that helps you design your solution. This is the link to Ross Smith’s blog, Exchange 2010 Mailbox Server Role Requirements Calculator, and it is a long article. But it is definitely worth spending your time reading through it.


Remote Server Administration Tools for Windows 7

Remote Server Administration Tools for Windows 7 is a handy companion for IT administrators to remotely manage their servers.

I am going to show you how I use it to remotely manage my Hyper-V server host.

Here is the download link:

Installation is simple – Accept the agreement.


And install…


You might want to browse the help contents to learn more.


You need to go to “Turn Windows features on or off” to enable the remote administration tools you want. I am going to select Server Manager and Hyper-V Tools.


Here I have Hyper-V tools on my Windows 7 machine and from here I can connect to my Hyper-V servers and manage them remotely.


Have fun!


Virtual PC Technet Blog

Microsoft Virtualization Team started a Windows Virtual PC blog that is managed by Prasad Saripalli, Principal Program Manager.

You can find a great deal of information on the latest developments, tools and tricks for Windows Virtual PC and XP mode!!

Check it out!!

Migrating Redhat Linux 4 VM from Virtual Server 2005 to Hyper-V R2

The release of Hyper-V R2 prompted me to plan for upgrades of my virtual servers. Now upgrading from Hyper-V to Hyper-V R2 is no big feat. However, if you have Linux virtual machines on Virtual Server 2005 running on Windows 2003 Server, then an in-place upgrade is not an option.

So my plan was to move my virtual machines from Virtual Server 2005 to another Hyper-V R2 server then upgrade my existing Windows 2003 Server to Windows 2008 R2. With the help of my UNIX guru, Mr Aw GuanBee, we managed to get this completed! Thank you GuanBee for your help.

Here we go, I will explain the steps as I go through them. Hopefully, it will be helpful to you.

The picture below shows my Redhat Linux 4 virtual machine running on Virtual Server 2005. The first step is to shut down your Linux virtual machine, then copy the VHD file over to your Hyper-V R2 server.


Next, create a New Virtual Machine on your Hyper-V R2 host.


No need to connect it to your virtual network yet as we will be adding a Legacy Network Adaptor later.


Assign the VHD file that you copied from your Windows 2003 Virtual Server 2005 to this new Virtual Machine.


Once you have created the VM, let’s add a Legacy Network Adapter to it. This is to ensure that your system can detect the adapter and connect to the network.



Boot up the VM and you will be prompted with new hardware detection. Configure the network adapter to use a static IP or DHCP and you are good to boot up.



Because Hyper-V R2 and Linux IC v2 RC2 only officially support RHEL 5.2 and above, it is recommended to upgrade to RHEL 5.

To upgrade RHEL 4 to RHEL 5, first update your RHEL 4 to the latest update level. RHEL 4 uses up2date -u to update your system.

After your RHEL 4 is updated, insert the RHEL 5 disc or ISO and boot up your VM. At the installation prompt, type linux upgradeany. This will give you an upgrade option during RHEL installation.


It might take a few hours to complete the upgrade. We are still not done as we still need to load the Linux Integration Components.


Once you have completed the upgrade, run yum update to bring your system up to date.


Because RHEL 5 was upgraded from RHEL 4, the kernel will be kernel-PAE. So you have to do a yum install kernel-PAE-{your kernel version}. For example, for my kernel version, I will run yum install kernel-PAE-2.6.18-164.2.1.el5.i686 and yum install kernel-PAE-devel-2.6.18-164.2.1.el5.i686.

Run yum install kernel-devel and yum install gcc.

Now we are ready to install the Linux IC. Insert the LinuxIC iso into the DVD drive and copy the contents to /opt/linuxic directory. You can issue the commands below.

mkdir /mnt/cdrom

mount /dev/cdrom /mnt/cdrom

mkdir /opt/linuxic

cp -R /mnt/cdrom/* /opt/linuxic/

cd /opt/linuxic

Having copied the contents to /opt/linuxic, issue the command “./ drivers” to install the Linux Integration Components. Please reboot once the installation completes.

Done!! We have successfully migrated the Linux VM from Microsoft Virtual Server 2005 to Hyper-V and upgraded from Redhat Linux 4 to Redhat Linux 5.

Introducing Microsoft Security Essentials

Microsoft introduced an antivirus protection product, FREE for home PC users.

To qualify, you have to be using genuine copies of Windows operating systems (XP SP2 and SP3, Vista SP1 and SP2, and Windows 7).

Installation is simple too. Just four clicks and the installation completes.

First click: Next, to proceed from the Welcome screen.


Second click is to Accept the license agreement.


Third click is to validate your copy of Microsoft Windows.


Fourth click is to begin installation.


Installation in progress…


And we are done!!!


This is how it looks.


You might want to change the default settings to suit your needs; otherwise, leaving them at the defaults is fine.


